Secure method for secret key cryptographic calculation and component using said method

ABSTRACT

A secured method of cryptographic computation to generate output data from input data and from a secret key includes a derived key scheduling step to provide a derived key from the secret key according to a known key scheduling operation. The method also includes a masking step, performed before the derived key scheduling step, to mask the secret key so that the derived scheduled key is different at each implementation of the method. The present method and component can be used in transfer type applications, such as bank type applications.

FIELD OF THE INVENTION

The present invention relates to a component and secured method forcryptographic computation with a secret or private key, and moreparticularly, to the protection of such components against an SPA(Simple Power Analysis) type physical attack which are designed toobtain information on the secret or private key through the powerconsumption or the electromagnetic radiation of the component when itimplements the encryption method.

BACKGROUND OF THE INVENTION

Components with strictly controlled access to the services and/or to thedata typically have an architecture formed around the microprocessor anda program memory including the secret key. Such components are used forexample in smart cards, especially for banking applications, via acontrol terminal or remote terminal. Such components use one or moresecret key encryption or private key encryption methods to compute anoutput data from an input data. Such a method is used for example toencipher, decipher, authenticate or sign an input message or else verifythe signature of the input message.

To ensure the security of the transactions, the secret key or privatekey encryption methods are constructed in such a way that it is notpossible to determine the secret key used from the knowledge of theinput data and/or the output data of the algorithm. However, thesecurity of a component relies on its capacity to keep the secret keythat it uses concealed, for this key cannot be modified.

One method frequently used is the DES (Data Encryption Standard) typemethod. This method can be used for example to give an encipheredmessage MS (or output data) encoded on 64 bits, from a plaintext messageME (or input data) also encoded on 64 bits, and a secret 56-bit key K₀.The main steps of the DES are described in detail with reference toFIG. 1. After an initial permutation IP, the block formed by thepermutated bits of the input data is separated into a left-hand part L₀and a right-hand part R₀.

After this, 16 rounds of identical operations are performed. During eachround of operations, the right-hand part (R₀, . . . , R₁₅) of anintermediate data computed during the previous round of operations iscombined with a derivative key (M₁, . . . , M₁₆) during a transformationcalled a transformation F. The result of the transformation F is thenadded (XOR operation) to the left-hand part (L₀, . . . , L₁₅) of theintermediate data computed during the previous round of operations.

After the 16^(th) round of operations, the left-hand part L₁₆ andright-hand part R₁₆ of the 16^(th) intermediate data are assembled and afinal permutation IP⁻¹, which is the inverse of the initial permutationIP, terminates the procedure. An i-ranking round of operations includedbetween 1 and 16 is described in detail with reference to FIG. 2. The 56bits of an intermediate key K_(i−1) computed during the previous roundare shifted (operation S_(i)) to give a new updated intermediate keyK_(i), then 48 bits out of 56 are selected by an operation PC ofpermutation/compression to provide a derived keyM_(i)−M_(i)=PC(K_(i))=PC(S_(i)(K_(i−1)). The association of the steps PCand S_(i) forms a key computation step ET2.

In parallel, the transformation F is carried out. The right-hand partR_(i−1) of a piece of intermediate data computed during the previousround is extended to 48 bits by an expansion (operation E), combinedwith the derived key M by an XOR type operation, replaced by 32 new bitsby a substitution operation (represented by the operation SBOX), thenpermutated once again (operation P). In practice, the operations F, P,E, PC, SBOX are identical for all the rounds. On the contrary, theoperations S₁ to S₁₆ used during the computation of the derived keys K₁to K₁₆ are different from one round to another.

All the characteristics of the operations IP, Ip⁻¹, P, PC, E, SBOX,S_(i) performed during the implementation of a DES method are known: thecomputations made, the parameters used, etc. These characteristics are,for example, described in detail in the patent application WO 00/46953or in the “Data Encryption Standard, FIPS PUB 46”, published on 15 Jan.1977.

The security of a component using an secret key or private keyencryption method lies in its capacity to keep the key that it usessecret, especially when it undergoes SPA type analysis. In an SPAanalysis, the component is made to execute several time the encryptionmethod that it uses by applying the same input data ME, and, for eachexecution of the method, the trace left by this execution is measured asa function of time. The trace represents, for example, the powerconsumption of the component or the electromagnetic energy radiated as afunction of time. The set of measurements are then averaged to eliminatethe noise from the measurement and obtain the real trace of the circuitfor a fixed input data ME. For example, a set of 10 to 1000 identicalmeasurements may be enough to eliminate the noise from the measurementand obtain the real trace of the component for a fixed input data ME.

The form taken by a trace such as this is shown in FIG. 3, in the caseof a DES type method. This figure clearly shows the different steps ofthe DES method: initial permutation IP before the instant t1, 16 roundsof operation between the instant t2 and t1, t3 and t2, . . . , t17 andt16, and final permutation IP⁻¹ after the instant t17. As can be seen inthe trace of FIG. 3, it is thus fairly simple to obtain information onthe secret key used in the case of a component using a standard DESmethod. For example, it is possible, for each round of operations, todetermine an image of a derived key M_(i) by identifying the timeinterval during which a derived key transfer instruction is carried outbefore the execution of the XOR operation. Since all the derived keys M₁to M₁₆ are obtained from the secret key K₀ by known operations, theknowledge of simple images of the derived keys provides information onthe secret key.

More generally, all the encryption methods using secret keys are more orless sensitive to SPA type analysis. Their sensitivity is especiallyimportant during the performance of a critical step during which thesecret key is used either directly or in a derived form obtained by aknown law of derived key scheduling. A critical step of this kind is forexample a derived key scheduling step during which an updated derivedkey M_(i) is computed from a previously computed key K_(i−1).

SUMMARY OF THE INVENTION

It is an object of the invention to implement a secured method forcryptographic computation with secret or private key that is immunizedagainst any physical attack of the SPA type, namely a secured method ofcryptographic computation whose trace, during the implementation of themethod, gives no information on the key that it uses, whatever the inputdata used by the method, and whatever the number of uses of the method.

With this goal in view, the invention relates to a secured method ofcryptographic computation to give an output data (MS) from an input data(ME) and from a secret key (K₀), the method comprising several derivedkey scheduling step (ET2), to provide each an updated derived key (M′₁,M′_(i)) from a previously computed derived key according to a known keyscheduling law, a first updated derived key (M′₁) being obtained fromthe secret key (K₀).

According to the invention, the method also comprises a masking step(ET1), performed before a first key scheduling step (ET2), to mask thesecret key (K₀) so that the updated derived scheduled key (M′₁, M′_(i))is different at each implementation of the method.

The invention also relates to an electronic component using a securedmethod of cryptographic computation according to the invention.

The word “masked” (or “mixed”) should be understood here and in the restof the document in the following sense: in a method according to theinvention, a data, a result, are said to be masked if they have adifferent value during two executions of the method, especially duringtwo executions of the method using the same input data and the samesecret key.

Thus, with a secured method of cryptographic computation according tothe invention, a component that executes the method with the same inputdata twice gives two different traces, especially on a critical timeinterval corresponding to the trace left by a critical instruction ofthe method, which uses the derived key.

In other words, whatever the input data used, and even if the input datais identical during several cases of implementation of the securedcryptographic computation method according to the invention, the traceleft by the component is always different from one implementation toanother. To obtain this result, during the masking step, a randomlychosen masking parameter is mixed with the secret key, to give a maskedsecret key, the first derived key being computed from the masked secretkey during the first key scheduling step. After the masking step, thenon masked secret key may be erased, since it is no longer used. Only,the secret key is used during the next steps of the method. The securityof the method is thus reinforced.

Thus, with the invention, the key actually manipulated during theimplementation of the method is a random number because it is derivedfrom a masking by a random number (the masking parameter). Consequently,the traces of the component using the method is itself random from oneimplementation of the method to another, simply because of the presenceof the masking parameter which is randomly chosen before eachimplementation.

Consequently, even if several measurements of traces of the componentare made in using identical input datas, the averaging of thesemeasurements will lead to an average trace that is constant as afunction of time (the average of a set of random traces), that gives noinformation on the value of the key used, even if critical operationsare performed. Thus, with the invention, the component is completelyimmunized against any SPA type physical attack.

The invention thus uses a weak point of an SPA type attack, to protectthe component. Indeed, if an SPA type attack is to succeed, namely if anSPA type attack is to provide information on the secret key used by thecomponent, there should necessarily be a critical time interval forwhich the trace of the component is identical on this interval, possiblywhen the input data ME is identical, and during which the visibleinformation is relevant, i.e. during which it represents all or part ofthe secret key and/or all or part of a key derived from the secret key.

The component of the invention gives different traces during eachimplementation of the method of the invention, even if the input dataused is the same. Consequently, it is not possible to find a criticalinterval during which the visible information is relevant and identicalfrom one implementation of the method to another. An SPA attack on thecomponent therefore cannot provide information on the secret key.

According to an embodiment, the method of the invention also comprises:a computation step using the derived scheduled key or an updated derivedkey, and an unmasking step, executed after the computation step, toeliminate the contribution of the masking parameter on the result of thecomputation step.

According to another embodiment, the method of the invention comprisesseveral computation steps, each using an updated derived key and anunmasking step is executed after each computation step, to eliminate thecontribution of the masking parameter on the result of the precedingcomputation step.

During the masking step, the following operation is, for example,performed: K′₀=K₀|X₀, K′₀ being the masked secret key, K₀ being thesecret key, X₀ being the masking parameter. The operator “|” is a mixingoperator, preferably a two-parameter linear operator. In one example,the mixing operator is an XOR operator. During the unmasking step, anoperator that is the inverse of the mixing operator is preferably usedto remove the contribution of the masking parameter from the updatedderived key.

According to a preferred embodiment of the invention, the method is asecured DES type method comprising 16 rounds of operations, each roundof operations using an updated derived key. In one example, a singlemasking step is performed before a first round of the DES type method.In another example, a masking step is performed at the start of eachround of the DES type method.

At each round of operations a transformation is performed, comprising acomputation step to combine an intermediate data computed during theprevious round and an updated derived key, and an unmasking step isperformed after the computation step. Each masked updated derived keymay be computed during the round of operations that uses it. Or else,all the derived keys may be computed elsewhere, independently of therounds of operations that use them. They may, for example, be computedbefore or during a phase of initialization of the method.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be understood more clearly and other features andadvantages of the invention shall appear from the following descriptionof exemplary forms of implementation of secured methods of cryptographiccomputation according to the invention. The description will be madewith reference to the appended drawings, of which:

FIG. 1, which has already been described, is a flow diagram illustratinga known encryption method using a secret key;

FIG. 2 which has already been described is a schematic drawing detailinga step of the method of FIG. 1;

FIG. 3, which has already been described, is a graph illustrating thetrace left by a component using the encryption method of FIG. 1, as afunction of time;

FIG. 4 is a schematic drawing illustrating a simplified encryptionmethod;

FIG. 5 is a schematic drawing illustrating the method of FIG. 4, securedaccording to the invention; and

FIG. 6 is a schematic drawing illustrating a DES type method, securedaccording to the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

In a first example described herebelow with reference to FIG. 4, themthod is used to encode a 32-bit input data R₀, and give a 32-bit outputdata R₁ from a secret key K₀ and the input data R₀. The method can besubdivided into a derived key scheduling step ET2 and a transformationstep F. The derived key scheduling step ET2 gives a derived key M₁ fromthe secret key K₀. The key scheduling step is formed by an operation S₁for shifting the bits of the variable K₀, which gives K₁=S₁(K₀) and apermutation/compression step PC. Thus, the derived key M₁ is obtained bythe relationship: M₁=PC(S₁(K₀)).

The transformation step F gives the output data R₁ from the input dataR₀ and from the derived key M₁. The transformation step F is identicalto the step F of a standard DES type method and can be subdivided asfollows. The data R₀ is extended from 32 to 48 bits by an expansion E,combined with the derived key M₁ by an XOR operation, replaced by 32 newbits during an operation of substitution SBOX then permutated again(operation P). Thus the output data R₁ is obtained by the relationship:R₁=P(SBOX(E(R₀)+M₁)).

The method of FIG. 4 is secured according to the invention by theaddition of an initialization ET0, a masking step ET1, a differencecomputing step ET3 and an unmasking step ET4 (FIG. 5). During theinitialization step ET0, a masking parameter X₀ is chosen randomly.During the masking step ET1, performed after the initialization stepET0, the masking parameter X₀ is mixed with the secret key K₀, to give amasked secret key K′₀. The mixing is done by the following relationship:K′₀=K₀|X₀.

The operator “|” is chosen to be linear with respect to the twovariables that it mixes. In one embodiment, the operator “|” is an XORoperator. The operator “|” may also be any type of linear operator. Ingeneral, the operator “|” has the following properties, whatever thedata A, B, C:

“|” has second parity: it takes two arguments as parameters;

“|” verifiesC(S(A|B))=PC(S(A))|PC(S(B));

“|” verifies (A ⊕ B)|C=A ⊕ (B|C), ⊕ being the XOR operator.

There is an operator “|⁻¹”, the inverse of “|”, such that (A|B)|⁻¹ A=B,possibly “|” and “|⁻¹” are identical.

The key scheduling step ET2 is then carried out from the secret key K′₀,to give a masked derived key M′₁. Thus, the masked, derived key is givenby the relationship:M′₁=PC(S₁(K′₀))=PC(S₁(K₀|X₀))=PC(S₁(K₀))|PC(S₁(X₀)). The last equalityis deduced simply from the fact that the operators PC, S₁ and “|” arelinear operators. Since PC(S₁(K₀))=M₁ (see the example of FIG. 4), it isfinally deduced therefrom that M′₁=M₁|PC(S₁(X₀), M1 being the derivedkey computed according to the method of FIG. 4, non secured.

The difference computation step ET3 is carried out after theinitialization step ET0. The step ET3 can be carried out before, inparallel with or after the key scheduling step ET2. The step ET3determines the contribution C₁ given by the parameter X₀ to the maskedderived key M′₁. The step ET3 is similar to the step ET2; the step ET3thus comprises an operation S₁ to give a masking parameter X₁=S₁(X₀)that is updated by shifting of the bits of X₀, and an operation PC tocompute the contribution C₁. The contribution C₁ is thus computedaccording to the relationship: C₁=PC(S₁(X₀)). We finally deducetherefrom M′₁=M₁|C₁.

The unmasking step ET4 is a sub-step of the transformation step F′(which corresponds to the transformation F modified by the addition ofthe step ET4 according to the invention); the step ET4 is carried outbetween the operation of combination by an XOR operator and thenon-linear substitution operation SBOX. The step ET4 seeks to remove thecontribution C₁ given by the updated parameter X₁ on the result of thecombination operation. For this purpose, the operator “|⁻¹” is used.This is the inverse linear operator of the operator “|”. For example, ifthe operator “|” is an XOR, then the operator “|⁻¹” is also an XOR. Atoutput of the step ET4, we have:(E(R ₀)+M′ ₁|⁻¹ C ₁ =E(R ₀)+M ₁ |C ₁|⁻¹ C ₁ =E(R ₀)+M ₁

Thus, after elimination of the contribution C₁, the variable thatappears at the input of the SBOX type operator is equal to E(R₀)+M₁,i.e. it is identical to the variable that appears at the input of theoperator SBOX of a method that is similar (FIG. 4) but not securedaccording to the invention. Consequently, the output data that appearsat output of the transformation step F′ is identical to that appearingat output of the transformation operation F of the non-secured method ofFIG. 4.

As discussed, the results given by the methods of FIGS. 4 and 5 areidentical: the value of the output data is the same in both cases if theinput data element and the secret key are the same.

Just as in the case of classic DES method, the method of FIG. 4 issensitive to SPA attacks for the same reasons. Indeed, for one and thesame secret key K₀, the value of the derived key M₁ is identical at eachimplementation of the method. An SPA attack is therefore possible bymeasuring the trace of the method, especially during the time intervalbetween the key scheduling step ET2 and the transformation step F′.

By contrast, the method of FIG. 5 according to the invention isimmunized against SPA type attacks. Indeed, for one and the same secretkey value K₀, the value of the corresponding derived key M′₁ is alwaysdifferent from one implementation of the method to another because themasking parameter X₀, chosen randomly during the initialization of thealgorithm, makes a random contribution C₁ to the derived key M′₁.

Thus, according to the invention, the method is protected against SPAattacks by the addition of a random masking parameter.

In another example, we consider the DES type method shown in FIGS. 1, 2.As seen here above, a DES type cryptographic method computes an outputdata MS from a secret key K₀ and an input data ME. The DES methodcomprises 16 rounds of operations, preceded by an input permutation IPand followed by an output permutation IP⁻¹, that is the inverse of theinput permutation. Each round of operations comprises especially (FIG.2) a derived key scheduling step ET2 and a transformation step F.

According to the invention, the DES method is secured (FIG. 6) by theaddition of an initialization step ET0, a masking step ET1, and theaddition, at each round of operations, of a difference computation stepET3 and an unmasking step ET4, similar to those of FIG. 5. With a viewto clarity and simplification, only the i^(th) round of operations hasbeen shown in FIG. 6, i being an integer ranging from 1 to 16, with thecharacteristic steps ET0 to ET4 of the present invention.

During the initialization step ET0, a masking parameter X₀ is chosenrandomly. During the masking step ET1, performed after theinitialization step ET0, the masking parameter X₀ is mixed with thesecret key K₀, to give a masked secret key K′₀, as in the above example.The mixing is done by the following relationship: K′₀=K₀|X₀.

In the i^(th) round, the key scheduling step ET2 gives an i-ranking,masked derived key M′_(i) from an i-ranking masked intermediate keyK′_(i−1), computed during the step ET2 of the preceding i−1 rankinground. The step ET2 includes an operation S_(i) for shifting the bits ofthe previously computed masked intermediate key K′_(i−1) and anoperation PC. We have the following relationships:

$\begin{matrix}{K_{i - 1}^{\prime} = {K_{i - 1}❘X_{i - 1}}} \\{K_{i}^{\prime} = {S_{i}\left( K_{i - 1}^{\prime} \right)}} \\{M_{i}^{\prime} = {{PC}\left( K_{i}^{\prime} \right)}} \\{= {{PC}\left( {S_{i}\left( K_{i - 1}^{\prime} \right)} \right)}} \\{= {{PC}\left( {S_{i}\left( {K_{i - 1}❘X_{i - 1}} \right)} \right)}} \\{= {{{PC}\left( {S_{i}\left( K_{i - 1} \right)} \right)}❘{{{PC}\left( {S_{i}\left( X_{i - 1} \right)} \right)}.}}}\end{matrix}$

The last equalities are deduced from the properties of the linearoperators PC, S_(i), “|”. Furthermore, since PC(S_(i)(K_(i−1)))=M_(i)(see the example of FIG. 2), we finally deduce therefrom that:M′ _(i) =M _(i) |PC(S _(i)(X _(i−1))).

The difference computation step ET3 is performed after theinitialization step ET0. The step ET3 may be performed before, inparallel or after the step ET2. The step ET3 updates the value X_(i−1)of the masking parameter X₀ and then determines the contribution C_(i)given by X_(i−1) to the derived key M_(i)′.

The step ET3 is similar to the key computation step ET2; the step ET3comprises an operation S_(i) to give X_(i) by shifting of the bits ofthe parameter X_(i−1), and an operation PC of permutation compression togive C_(i). The contribution C₁ is thus computed according to therelationship: C_(i)=PC(X_(i))=PC(S_(i)(X_(i−1))). We finally deducetherefrom M′_(i)=M_(i)|C_(i).

The unmasking step. ET4 is a sub-step of the transformation step F′(which corresponds to the transformation F modified by the addition ofthe step ET4 according to the invention); the step ET4 is carried outbetween the operation of combination by an XOR operator and thenon-linear substitution operation SBOX. The step ET4 seeks to remove thecontribution C₁ given by the updated masking parameter X_(i), in usingthe operator “|⁻¹”. After the step ET4, the variable that appears at theinput of the SBOX type operator is equal to:

$\begin{matrix}\left( {{{{E\left( R_{i - 1} \right)} + M_{i}^{\prime}}❘^{- 1}C_{i}} = {{{E\left( R_{i - 1} \right)} + M_{i}}❘{C_{i}❘^{- 1}C_{i}}}} \right. \\{= {{E\left( R_{i - 1} \right)} + M_{i}}}\end{matrix}$

It is therefore identical to the variable that appears at the input ofthe operator SBOX of a method that is similar (FIGS. 1, 2) but notsecured according to the invention. Consequently, the data R_(i) thatappears at output of the transformation step F′ is identical to the onethat appears at the output of the transformation operation F of thenon-secured DES method (FIGS. 1, 2).

Thus, with the DES method secured according to the invention, thecomputed intermediate data L_(i), R_(i), for i ranging from 1 to 16, areidentical to those obtained by a standard DES method. By contrast, withthe secured method according to the invention, none of the keys used(secret key, intermediate keys, derived keys) is accessible by an SPAtype attack. More specifically, an SPA type attack on the steps of themethod corresponding to the derived key scheduling gives no relevantinformation on the secret key and/or on one of the intermediate keysK_(i). or derived keys M_(i). Indeed, the value of these keys isdifferent at each implementation of the method, whatever the value ofthe input data or the secret key used by the method.

Modifications and/or improvements of the method of FIG. 6 are possiblewithout departing from the scope of the invention. For example, in theDES method of FIG. 6, the key scheduling step ET2 and the differencecomputation step ET3 are performed during the round of operations thatuse the key M′_(i) and the contribution C_(i) that are produced by thesteps ET2, ET3.

It is however possible to carry out the steps ET2, ET3 independently ofthe rounds of operations of the DES method. For example, it is possibleto carry out all the steps ET2, ET3 during the phase of initializationof the method, after the step ET0 for choosing X₀. All the keys M′₁,M′₁₆, and all the contribution C₁ to C₁₆ are in this case stored andthen given at each round of operations when they are used.

It must be noted finally that all the examples described here above mustbe considered as such and do not restrict the scope of the invention.

What is essential in the invention is to introduce a random parameter inan encryption method so that, during two cases of implementation of themethod by a component, this component uses keys (secret keys,intermediate keys, derived keys, etc.) that are different, whatever thevalue of the input data and/or the secret key and/or the output data,and especially during two cases of implementation using the same inputdata and/or the same secret data and/or the same output data. Thus, byusing different keys at each case of implementation of the method, themethod leaves different traces. The method is thus insensitive to SPAattaches.

1. A method for securing a cryptographic process that generates outputdata from input data and a private key, the method comprising: a keyscheduling process comprising a plurality of derived key schedulingsteps to each provide an updated derived key from a previously derivedkey computed during a preceding derived key scheduling step, a firstupdated derived key being obtained from the private key; masking theprivate key, prior to the key scheduling process, so that each updatedderived key is different for each key scheduling process; wherein,during the masking step, a randomly chosen masking parameter is mixedwith the private key, to provide a masked private key, the first updatedderived key being computed from the masked private key during a firstderived key scheduling step; and performing a plurality of computationsteps, each using an updated derived key, and an unmasking step isexecuted after each computation step to eliminate a contribution of themasking parameter on a result of the previous computation step.
 2. Amethod according to claim 1, wherein the masking step is carried outduring an initialization step.
 3. A method according to claim 1, furthercomprising: a computation step using an updated derived key, and anunmasking step, executed after the computation step, to eliminate acontribution of the masking parameter to a result of the computationstep.
 4. A method according to claim 3 wherein, during the masking step,the following operation is carried out: K′₀=K₀|X₀, K′₀ being the maskedprivate key, K₀ being the private key X₀ being the masking parameter,and the operator “|” being a mixing operator.
 5. A method according toclaim 4, wherein the mixing operator comprises a two-parameter linearoperator.
 6. A method according to claim 4, wherein the mixing operatorcomprises an XOR operator.
 7. A method according to claim 4 wherein,during the unmasking step, an inverse operator of the mixing operator isused.
 8. A method according to claim 1, wherein the key schedulingprocess is a Data Encryption Standard (DES) type process, comprisingsixteen rounds of key scheduling steps, each round using an updatedderived key.
 9. A method according to claim 8 wherein, at each round, atransformation is carried out, comprising: a computation step to combinean intermediate data computed during a previous round and the updatedderived key, and an unmasking step executed after the computation step,to eliminate a contribution of the masking parameter to a result of thecomputation step.
 10. A method for securing a cryptographic process thatgenerates output data from input data and a private key, the methodcomprising: masking the private key; wherein, during the masking step, arandomly chosen masking parameter is mixed with the private key, toprovide the masked private key, the first updated derived key beingcomputed from the masked private key during a first derived keyscheduling step; performing a key scheduling process comprising aplurality of derived key scheduling steps to each provide an updatedderived key from a previously derived key, a first updated derived keybeing obtained from the masked private key; wherein each updated derivedkey is different for each key scheduling process; and performing aplurality of computation steps, each using an updated derived key, andan unmasking step is executed after each computation step to eliminate acontribution of the masking parameter on a result of the previouscomputation step.
 11. A method according to claim 10, wherein themasking step is carried out during an initialization step.
 12. A methodaccording to claim 10, further comprising: a computation step using anupdated derived key; and an unmasking step, executed after thecomputation step, to eliminate a contribution of the masking parameterto a result of the computation step.
 13. A method according to claim 12wherein, during the masking step, the following operation is carriedout: K′₀=K₀|X₀, K′₀ being the masked private key, K₀ being the privatekey X₀ being the masking parameter, and the operator “|” being a mixingoperator.
 14. A method according to claim 13, wherein the mixingoperator comprises a two-parameter linear operator.
 15. A methodaccording to claim 13, wherein the mixing operator comprises an XORoperator.
 16. A method according to claim 13 wherein, during theunmasking step, an inverse operator of the mixing operator is used. 17.A method according to claim 10, wherein the key scheduling process is aData Encryption Standard (DES) type process, comprising sixteen roundsof key scheduling steps, each round using an updated derived key.
 18. Amethod according to claim 17 wherein, at each round, a transformation iscarried out, comprising: a computation step to combine an intermediatedata computed during a previous round and the updated derived key, andan unmasking step executed after the computation step, to eliminate acontribution of the masking parameter to a result of the computationstep.
 19. A electronic device comprising: a controller for securing acryptographic process that generates output data from input data and aprivate key, by masking the private key, and performing a key schedulingprocess comprising a plurality of derived key scheduling steps to eachprovide an updated derived key from a previously derived key, a firstupdated derived key being obtained from the masked private key; whereineach updated derived key is different for each key scheduling process;wherein the controller masks the private key with a randomly chosenmasking parameter, the first updated derived key being computed from themasked private key during a first derived key scheduling step; andwherein the controller performs a plurality of computation steps, eachusing an updated derived key, and an unmasking step is executed aftereach computation step to eliminate a contribution of the maskingparameter on a result of the previous computation step.
 20. A deviceaccording to claim 19, wherein the controller performs the maskingduring an initialization step.
 21. A device according to claim 19,wherein the controller performs a computation step using an updatedderived key, and an unmasking step, executed after the computation step,to eliminate a contribution of the masking parameter to a result of thecomputation step.
 22. A device according to claim 21 wherein, during themasking step, the controller performs the following operation:K′₀=K₀|X₀, K′₀ being the masked private key, K₀ being the private key X₀being the masking parameter, and the operator “|” being a mixingoperator.
 23. A device according to claim 22, wherein the mixingoperator comprises a two-parameter linear operator.
 24. A deviceaccording to claim 22, wherein the mixing operator comprises an XORoperator.
 25. A device according to claim 22 wherein, during theunmasking step, an inverse operator of the mixing operator is used. 26.A device according to claim 19, wherein the key scheduling process is aData Encryption Standard (DES) type process, comprising sixteen roundsof key scheduling steps, each round using an updated derived key.
 27. Adevice according to claim 26 wherein, at each round, the controllerperforms a transformation comprising: a computation step to combine anintermediate data computed during a previous round and the updatedderived key; and an unmasking step executed after the computation step,to eliminate a contribution of the masking parameter to a result of thecomputation step.